authorUnknwon <joe2010xtmf@163.com>2015-01-30 18:12:30 -0500
committerUnknwon <joe2010xtmf@163.com>2015-01-30 18:12:30 -0500
commitee6786216a608fca2de322c90c7256577f2a500a (patch)
treeed91cff422302deb3b2f7da6744c8590ac90207b /models
parent37fcc8daf2d7d86e4d0f8baaeab0b2e11e5ec8d0 (diff)
modules/base: clean code with #838
Diffstat (limited to 'models')
-rw-r--r--models/repo.go7
1 files changed, 2 insertions, 5 deletions
diff --git a/models/repo.go b/models/repo.go
index 65689b6a1e..58c099d490 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -7,7 +7,6 @@ package models
import (
"errors"
"fmt"
- "html"
"html/template"
"io/ioutil"
"os"
@@ -218,11 +217,9 @@ func (repo *Repository) HasAccess(uname string) bool {
// DescriptionHtml does special handles to description and return HTML string.
func (repo *Repository) DescriptionHtml() template.HTML {
sanitize := func(s string) string {
- // TODO(nuss-justin): Improve sanitization. Strip all tags?
- ss := html.EscapeString(s)
- return fmt.Sprintf(`<a href="%s" target="_blank">%s</a>`, ss, ss)
+ return fmt.Sprintf(`<a href="%[1]s" target="_blank">%[1]s</a>`, s)
}
- return template.HTML(DescPattern.ReplaceAllStringFunc(base.XSSString(repo.Description), sanitize))
+ return template.HTML(DescPattern.ReplaceAllStringFunc(base.Sanitizer.Sanitize(repo.Description), sanitize))
}
// IsRepositoryExist returns true if the repository with given name under user has already existed.
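Review bot: The `sanitize` closure now writes the regex match into `href="%[1]s"` with no escaping, and the result is cast to `template.HTML`, which bypasses html/template's auto-escaping. The safety of the output therefore rests on `base.Sanitizer.Sanitize` and on `DescPattern` never matching a quote or angle bracket, and neither definition is visible in this hunk. Rewriting markup after sanitizing also means the final string is never checked, and a URL the sanitizer has already placed inside a tag or attribute could be wrapped a second time. I would linkify first and sanitize last, keeping the escape in the closure, e.g. `return template.HTML(base.Sanitizer.Sanitize(DescPattern.ReplaceAllStringFunc(repo.Description, sanitize)))`, provided the sanitizer policy permits the generated anchor. Since the link opens with `target="_blank"`, adding `rel="noopener noreferrer"` to the format string would also stop the opened page from reaching `window.opener`.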